EY Jobs

Job Information

EY Cybersecurity Threat Hunting - Senior - Consulting - Location OPEN in San Francisco, California

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.

The opportunity

You'll work alongside respected industry professionals, learning about and using the latest tools and techniques to identify and overcome some of the most relevant and pressing security issues in the world. It's a highly specialized area, where you'll learn highly sought-after technical skills, all while developing your relationship management abilities.

Your key responsibilities

Our security professionals possess diverse industry knowledge, along with unique technical expertise and specialized skills. The team stays highly relevant by servicing our client's unique and challenging needs, attending and speaking at top security conferences around the world, sharing knowledge on a variety of topics with key industry groups, and taking best-in-industry training. The team frequently provides thought leadership and information exchanges through traditional and less conventional communications channels such as speaking at conferences and publishing white papers.

As part of our Cybersecurity Consulting practice, you'll assist clients in identifying potential threats, vulnerabilities, and deficiencies in their environments and aid them by bolstering their cybersecurity maturity and resilience.

Skills and attributes for success

  • Execute security assessments to identify potential threats, vulnerabilities, and deficiencies in client environments.

  • Conduct research, develop, and implement solutions to protect our clients against new attack techniques and threats.

  • Solve challenging technical problems and devise creative solutions.

  • Perform in-depth analysis of testing results, create reports that articulate findings, and develop risk mitigation recommendations.

  • Manage engagement execution and ensure project timelines remain on track.

  • Manage multiple competing priorities, thrive in a matrixed organization and work independently as well as part of diverse teams as the situation requires.

  • Coach and provide technical leadership/advice to junior team members and encourage them to take ownership of their engagements and development.

To qualify for the role, you must have

  • Bachelor's Degree in Computer Science, Computer Engineering, Cybersecurity, Management Information Systems or related field

  • A minimum of 3-5 years of work experience in cybersecurity

  • Familiarity and understanding with one or more of the below:

  • Proficiency with one or more Endpoint Detection and Response Tools (Tanium, CrowdStrike, Carbon Black, etc.).

  • Experience with threat actor simulation tools, such as AttackIQ or MSV/Verodin.

  • Experience with at least one of the following:

  • Performing incident response efforts against advanced threat actors or having been a part of a formal incident response team.

  • Compromise, vulnerability assessment and/or penetration testing of commercial, consumer, and industrial environments.

  • Experience and the capability to analyse, disassemble, and reverse engineer malware.

  • Contribution to a cyber intelligence capability to identify potential threats, delivering strategic reports, and strategies to minimize the impact of the threat.

  • Development of security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses and risk assessments, studying architecture/platform, identifying integration issues, and preparing estimates.

  • Experience with one or more scripting language, e.g., PowerShell, Python

  • Experience effectively and efficiently managing projects from start to finish.

  • Deep understanding of Windows, Linux, Unix, MacOS

  • Strong written and verbal communication skills with the ability to interact with senior management, technical teams, and key client stake holders to convey complex technical security concepts to both technical and non-technical audiences.

  • Willingness and ability to travel domestically and internationally to meet client needs

Ideally, you'll also have

  • Experience evaluating the technical and non-technical aspects of mature cybersecurity programs from security operations, legal and regulatory requirements, business enablement, governance, risk management, and identity and access management.

  • Experience and familiarity with cloud-based environments and hosting.

  • Experience developing and implementing a remediation strategy based on identified gaps in a client environment.

  • Understanding of common attack vectors against devices, applications, and operating systems.

  • Understanding of networked product security including firmware, hardware, and management control plan threat-modeling and testing

  • Proficiency with consulting engagement methodologies and approach, understanding how to apply a technical skill or ability to a client need.

  • Familiarity with the latest events, threat actors, vulnerabilities, security trends, and mitigations in cybersecurity.

  • Familiarity with cybersecurity frameworks and published documentation MITRE ATT&CK, CIS Top 20, OWASP Top 10, NIST 800-53, ISO 27001, etc.

  • An industry leading certification: CISSP, CISM, GMON, GFCE, GPEN, GREM, GNFA, etc.

What we look for

We're interested in intellectually curious people with a genuine passion for cybersecurity. With your expertise, we'll turn to you to speak up with innovative ideas that could make a lasting difference not only to us – but also to the industry. If you have the confidence in both your presentation and technical abilities to grow into a leading expert here, this is the role for you.

What we offer

We offer a comprehensive compensation and benefits package where you’ll be rewarded based on your performance and recognized for the value you bring to the business. The salary range for this job in most geographic locations in the US is $100,800 to $184,800. The salary range for New York City Metro Area, Washington State and California (excluding Sacramento) is $121,000 to $210,000. Individual salaries within those ranges are determined through a wide variety of factors including but not limited to education, experience, knowledge, skills and geography. In addition, our Total Rewards package includes medical and dental coverage, pension and 401(k) plans, and a wide range of paid time off options. Under our flexible vacation policy, you’ll decide how much vacation time you need based on your own personal circumstances. You’ll also be granted time off for designated EY Paid Holidays, Winter/Summer breaks, Personal/Family Care, and other leaves of absence when needed to support your physical, financial, and emotional well-being.

  • Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.

  • Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.

  • Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.

  • Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

If you can demonstrate that you meet the criteria above, please contact us as soon as possible.

The exceptional EY experience. It’s yours to build.

EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.

EY is an equal opportunity, affirmative action employer providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.

EY is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and either need assistance applying online or need to request an accommodation during the interview process, please call 1-800-EY-HELP3, type Option 2 (HR-related inquiries) and then type Option 1 (HR Shared Services Center), which will route you to EY’s Talent Shared Services Team or email SSC Customer Support at ssc.customersupport@ey.com .